Post on 14-Dec-2015
transcript
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Reducing the Cost of Compliancein
JD Edwards World & EnterpriseOne
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Security compliance solutionsfor JD Edwards
www.qsoftware.com
Be in control. Use Q Software
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Today, we will show you…
• How you can enhance your security reduce your cost of compliance
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Agenda
• About Q Software
• The Compliance Life-Cycle• Reducing the Cost of Compliance: World• Reducing Cost of Compliance: E1• Customer Case Study• Summary
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
About Q Software
• Committed to JDE security That is ALL we do & have done so for 10 years
• Innovative Patent pending
• Continuing to invest in JDE Security Comprehensive product development roadmap SEC-Qure™ family released at OpenWorld 2005 New versions announced at Collaborate 2006 New versions released for OpenWorld 2006
• 180 customers 80% in USA Past 12 months: 45% from Canada + Europe
• Based near London, UK
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Q Software Alliances
With more than 35,000 members in more than 100 countries, the Information Systems Audit and Control Association (ISACA®) is a recognized worldwide leader in IT governance, control, security and assurance.
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Q Software Customers
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Agenda
• About Q Software
• The Compliance Life-Cycle• Reducing the Cost of Compliance: World• Reducing Cost of Compliance: E1• Customer Case Study• Summary
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Business need for security:- Corporate Governance (SOX)
• SOX section 404 requires organisations to state… “the effectiveness of the internal control structure”
• SOX section 202 mandates “frequent testing and validation of internal controls is
essential to quarterly confirmations of their effectiveness.”
• New security & data privacy laws• According to auditors:
SOD controls are paramount Effective controls makes sound business sense
Regardless of the regulatory need
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Company requirements
• Corporate Governance regulations result in four main tasks, companies have to fulfil in order to comply with the important and most frequently addressed requirements.
tomorrowtoday
Integration of CG components avoids redundancy and allows
efficient compliance with laws and regulations.
Fragments of CG components exist in the company.
Audit Committee
Reporting
Requirements
Internal
ControlRisk Management Internal
ControlRisk
Management
Audit Committee
Reporting Requirements
Corporate Governance
Corporate Governance
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
The Compliance Life Cycle
Analysis
Security
Management
Segregation
Of Duties
Compliance
Reporting
Auditing
10 years
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Agenda
• About Q Software
• The Compliance Life-Cycle• Reducing the Cost of Compliance: World• Reducing Cost of Compliance: E1• Customer Case Study• Summary
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Access Analysis
• The Requirement Who can access what?
And how? What else can they access once there? Which critical programs can be accessed by whom?
And how?
• The Problem Almost impossible manually
Menu security set-up is complex Over 150,000 menu connections
Back-door access Reporting is VERY time-consuming “After the event” analysis – too late!
If fraud discovered, damage is done!
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Roles-based Security
• Recommended by Oracle• Recommended by auditors
• The Problems World only allows single roles Limits flexibility No simple tools to manage roles
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
SoD Controls
• The Requirement Define, Manage & Report SoD Rules Report on Conflicts Address or Apply Compensating Procedures
• The Problems Volume / Complexity of Controls Analysis of “True” Access for Conflicts Enforcing / Maintaining Security Policy Compensating controls may be expensive
Manpower Money
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Compliance Reporting
• The Requirement Regular / Continual Testing
Who has access to what? Which critical programs can be accessed by
whom? What else can they access once there?
Reporting for auditors If tests not recorded, they “did not happen”
• The Problem Analysis impossibly complex Reporting VERY time-consuming On-going commitment
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Auditing
• The Requirement Reports – from regular testing
Who has access to what? Which critical programs can be accessed by whom? What else can they get at once in a program? SOD conflicts / breaches - Fraud MUST be
investigated Data extractions for off-line analysis
• The Problem Very time-consuming Difficult to prove compliance The bar will be raised year-on-year
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Exposures – What programs can a user access?
Menu security allows user Shane73 access to 5 programs only.
But function keys & lower level allow access to all these
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Exposure: Who can access critical programs?
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Demo: How can a user access a program?
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Exposures: How can a user access a program?
There are over 1,000 routes into the Voucher Entry program
P04105.
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Integrated World Security Compliance
Apply SoDrules / functions
inside World
Check SoD
Conflicts
In-depth
Access Analysis
Create Roles from
Group Profiles
(Re)-Assign
Users to Roles
Modify JDE
Security
Maintain Security•Staff / Role changes•Organisation changes
Reporting•Security settings•Access analysis
Audit•Prove compliance
JDE World
SEC-Qure™ WorldSOD
SEC-Qure™ WorldAnalyser
SEC-Qure™ WorldConfig
Set up JDE Group Profiles
Allocate Security
For each Group
Identify all
Access Routes
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
recommends
"Q Software is a long-term JD Edwards World business partner and they have been providing security solutions for our customers for over 10 years. They thoroughly understand World security and continue to offer comprehensive security solutions which methodically complement ours." -John Schiff VP & GM, JD Edwards World
“We recommend Q Software to our customers." -Denise Grills Director Strategy & Marketing, JD Edwards World
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
SEC-Qure™ World Reducing Compliance Costs
• Reduces analysis & reporting effort• Reduces security maintenance effort• Reduces risk
Only truly secure approach And maps security to the business processes
• Compliance easy to prove
Comprehensive Reporting
Historical (Roles) Audit Trail
Powerful Analysis
Comprehensive Reporting
“Find and Fix”
Simple & Effective
Integrated into World
Combines with Roles for SOD Enforcement
Compliance easy to prove
Unique Multiple Roles
Roles map to Business Process
Dynamic Security Assignment
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Q Software World Customers
“If asked to provide information on who can update data in a program, I can provide this the same day by updating access information and viewing the information in two-five strokes, instead of several days research and running queries, which would have taken me literally thousands of keystrokes. I see the greatest savings is time which then equals money”
“I don’t know how people cope without Q Software”
“I needed to identify and apply Action Code Security to critical programs – Q Software is the only way.”
Coachmen Industries
“I wholeheartedly recommend Q Software security to other World installations. I would certainly buy again – only this time I’d buy it and use it from Day One!”
“the man hours and dollars saved justified the investment”
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Agenda
• About Q Software
• The Compliance Life-Cycle• Reducing the Cost of Compliance: World• Reducing Cost of Compliance: E1• Customer Case Study• Summary
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
E1 has different issues to World
• Compliance requirements remain the same• Architectures / functionality are different• Challenges & issues are different• Allows a different approach
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
E1 Security Fundamentals
• All Doors Closed “Only way to ensure a fully auditable system” Granting back access fraught with risk
Using standard E1 Need to build a maintainable model
Sustainable compliance
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
EnterpriseOne: Frequent Security Headaches
Associated
& Hidden
Progs
SOD
Multiple
Roles
Mainten-ance
Solution
Explorer
Repetition
Volume
29,000
objects
Audit-ability Row
Security
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Associated & Hidden Programs
The Problems• Average of 10 exits per program• New Hidden Programs introduced
Via Service Packs Upgrading to new versions
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Example of Hidden Programs
Hidden
Programs
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Multiple Roles: The Problem
• Problem with interaction between roles• Sequence Manager defines “level of security”
Audit problems – which role caused what access? Creates SOD nightmare Change a role – introduce unknown access model Concatenation of security can cause lock-out
“ our security admin manager changed a role and locked himself out!”
- A customer who wishes to remain anonymous!
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
P01012 Action Code SecurityOK/Select = Y, All other Actions = N
P01012 Action Code SecurityDelete = N, All other Actions = Y
• Sequence Number assigned when role added• Greatest number takes precedence in conflict situation
Added Roles are assigned Sequence Number
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Delete = N, All other Actions = Y
Resulting Level of Access is as intended
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
• Change required for other hierarchical reasons• Could result in additional unexpected security model changes
P01012 Action Code SecurityOK/Select = Y, All other Actions = N
P01012 Action Code SecurityDelete = N, All other Actions = Y
Role Sequence Change
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Add / Copy no longer available
Undesirable Consequence
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Simplifying Multiple Roles in SEC-Qure™ E1Config
A/P Voucher ClerkA/P Voucher Clerk
Secondary Role 2 Secondary Role 2
Secondary Role 3Secondary Role 3
A/P “Super” Voucher Clerk
Role
A/P “Super” Voucher Clerk
Role
Component 3Component 3
A/P Voucher ClerkA/P Voucher Clerk
Component 2Component 2
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
If you really do need multiple roles…
• Don’t worry SEC-Qure™ E1Config alerts you to problems
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
The Volume & Maintenance Problem
• 29,000 objects• Several hundred thousand lines of
security Potentially millions
• Errors• Oversights
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
The Solution Explorer Problem
• Solution Explorer is now mandatory• No link between Solution Explorer
Tasks and Security• Much effort is duplicated
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Demo: Security from Solution Explorer Tasks
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
SEC-Qure™ E1Config Reducing Compliance Costs - ADC
• Reduces security set-up by 80%• Reduces security maintenance by 50%• Reduces Analysis & Reporting Effort from days to minutes
Comprehensive Reporting
Simple Reports
Associated &
Hidden programs
Re-usable Components
Links Solution Explorer to security
Multiple Roles Management
Simple & Effective
Checked whenever security changed
Easy enforcement of SOD policy
Compliance easy to prove
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
What you tell us
“In my previous company it took about 15-18 man months of effort to set up the JDE security manually. Here, using Q Software, it took around 2 man months.”
“Using Q Software, the security tasks for the first implementation phase took four weeks – around 85% reduction on the original estimate of six months without Q Software.”
“It was estimated that the software would achieve as much as a 50% reduction in the workload of maintaining security.”
“Q Software enabled us to undertake the security aspects of EnterpriseOne in-house and saved us the expense of employing an external consultant”
“Previously it took at least four hours to set up new groups, but with Q Software that time has been reduced to about 15 minutes.”
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Agenda
• About Q Software
• The Compliance Life-Cycle• Reducing the Cost of Compliance: World• Reducing Cost of Compliance: E1• Customer Case Study• Summary
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Customer Case Study
• Situation Engineering & Construction Industry Private & Public Sector clients Believes in good corporate governance
For long-term benefit of the company But SOX was the ultimate driver 2,000+ heavy users 8,000 occasional users
• The Problems Managing the 8,000 occasional users Many security short-comings Effort / Cost required to manage security
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Customer Case Study
• The Impact of the Problems “Unhealthy” audit
Potential impact on business, especially government High audit costs
Many deficiencies to be investigated Security management costs were very high Exposed to fraud potential
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Customer Case Study
• The Need Make security more manageable Make compliance more sustainable Reduce the cost & effort involved Implement tighter SOD controls Become compliant / pass the next audit
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Customer Case Study: The Solution
• SEC-Qure™ WorldAnalyser Analysed short-comings / exposures
Back-door access etc Identified magnitude of the problem
• SEC-Qure™ WorldConfig Enabled multiple roles-based security model Cut 8,000 occasional users down to 150 roles User’s security changes dynamically
when new role selected
• SEC-Qure™ WorldSOD SOD rules integrated into World 5 different Severity Levels attached to different rules Security Officer warned of potential violations when
assigning roles or changing role security Report on any breach in the security set-up 900 rules
Agreed with auditor
4½
MONTHS
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Customer Case Study
• The Benefits Significant reduction in security management effort
Set up a new user in 10 minutes Add security for new country – 20 minutes!
Reduction in audit costs Both internal & external auditors “love it” Easy to test, prove & report on compliance
Easy to identify potential SOD violations Easy to report on roles
Set-up Security Assignments Audit trail of assignments / adoption
Passed the 2006 audit “as different as night and day”
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
“We could not have achieved this without Q Software’s SEC-Qure integrated
security compliance solutions.”
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Agenda
• About Q Software
• The Compliance Life-Cycle• Reducing the Cost of Compliance: World• Reducing Cost of Compliance: E1• Customer Case Study• Summary
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Security compliance solutionsfor JD Edwards
www.qsoftware.com
Security a head ache? Use Q Software
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Summary: Reducing Cost of Compliance
• Compliance requirements remain the same• Challenges & issues are different• Allows a different approach
• Q Software can reduce CoC at every stage
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
For more information
•For a copy of the presentation or white papers•Email: info@qsoftware.com
•To book a Webinar•Visit www.qsoftware.com/events.htm
Sim
ple S
olu
tion
s for C
om
ple
x Pro
blem
s
E
ffe
ctiv
e S
ec
uri
ty C
om
plia
nc
e S
olu
tio
ns
JD
Ed
ward
s W
orld
an
d E
nterp
rise
On
e
Reducing the Cost of Compliance in JDE World & E1
Question ?